Revision as of 06:33, 23 October 2011

These are rough instructions of how to manually create basic Debian Etch (4.0) template cache, which can be used to create OpenVZ VEs based on Debian Etch (4.0). (see also /usr/share/doc/vzctl/README.Debian in the vzctl Debian package)

Notes:

You shouldn't be running as root, but as a user that is permitted to use sudo instead. It's a dangerous idea, run as root at your peril.

Anywhere you see /vz, you might really need to use /var/lib/vz instead, especially on a Debian Etch host.

Get new security updates

Install some more packages

Installing packages could be an interactive process so the system might ask some questions. You can install more packages if you'd like. For example:

apt-get install ssh quota less

Set sane permissions for /root directory

chmod 700 /root

Disable root login

This will disable root login by default.

usermod -L root

Disable getty

Disable running gettys on terminals as a VE does not have any:

sed -i -e '/getty/d' /etc/inittab

Disable sync() for syslog

Turn off doing sync() on every write for syslog's log files, to improve I/O performance:

sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/*syslog.conf

Fix /etc/mtab

Link /etc/mtab to /proc/mounts, so df and friends will work:

rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab

Remove some unneeded packages

If you have any packages you'd like to remove, now's the time for it. Here's an example — note that not all of those packages are installed by default in Debian Squeeze (although they were in earlier versions):

Fix SSH host keys

This is only useful if you installed SSH. Each individual VE should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created VE to create new SSH keys on first boot.